Automation and Orchestration

The management burden for IT and security operations teams continues to grow with the evolution of cyber threats and networking technologies, such as cloud and SDN. Automation and orchestration serve as a workforce multiplier, reducing the amount of human intervention needed to execute IT infrastructure and security tasks. We take a custom approach, analyzing your current infrastructure to identify where automation and orchestration make sense. We model your use cases and recommend tools from leading vendors such as Phantom and AppViewX. We then create, test, and validate custom scripts and workflow templates and ensure the technology and processes are fully integrated across your environment. 

Infrastructure Operations 
 
Task automation and workflow orchestration for multi-vendor environments, including F5, InfoBlox, Fortinet, and ServiceNow. Orchestration uses APIs to integrate a variety of application delivery controllers (ADCs), network devices, IP address management (IPAM) systems, and other components.
 
  • Delegate access on an ADC, e.g. from F5, to allow a server administrator to add or remove pool members from a virtual IP.
  • Delegate access on a firewall to allow a server administrator to request a firewall change.
  • Reserve an IP, add a DNS record with IPAM in InfoBlox, and create a virtual server on an ADC.
  • Batch configuration changes to a group of devices, with notification to key stakeholders after completion.
  • Update device software across a family of security products via an approval workflow.
  • Bring out-of-compliance devices back into compliance with auto-remediation scripts.
 
Security Operations 
 
Automation of common investigation and response actions using centralized workflows, across a variety of technologies, including Splunk, Fortinet, Juniper, FireEye, CrowdStrike and McAfee. Automation leverages multiple types and sources of security data (e.g. SIEM alerts, threat intelligence) to trigger playbooks across the infrastructure.
 
  • Investigate and contain ransomware by detonating the malicious file, blocking the command and control (C&C) server, containing the file on endpoints, and disabling the Active Directory accounts of impacted users
  • Investigate and remediate phishing emails by analyzing file attachments or embedded URLs, containing the affected endpoints, and deleting suspicious emails
  • Contain a potentially malicious insider by automatically blocking access across systems in the environment, based on a threat score threshold from your user and entity behavior analytics (UEBA) platform
  • Quickly automate the provisioning and de-provisioning of users to protect sensitive assets
  • Automate the containment of compromised credentials when a security incident is raised for a specific user
 
 